Urgent Tech Update – Critical Vulnerability in Windows DNS Server
Windows DNS Server Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.
To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server.
The update addresses the vulnerability by modifying how Windows DNS servers handle requests.
The following registry modification has been identified as a workaround for this vulnerability.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
DWORD = TcpReceivePacketSize
Value = 0xFF00
Note: The DNS Service must be restarted for the change to take effect.
Please see 4569509 for more information.
To remove the workaround
After applying the patch, the admin can remove the value TcpReceivePacketSize and its corresponding data so that everything else under the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters remains as before.
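The workaround and its removal can be scripted so the same steps run identically on every DNS server. The following PowerShell is an added example, not Microsoft's or this page's own code; the `-Action` parameter and the function name are hypothetical, and it assumes an elevated session on the DNS server itself.

```powershell
# Added example: check, apply, or remove the TcpReceivePacketSize workaround.
# Save as a .ps1 file and run elevated; supports -WhatIf for a dry run.
[CmdletBinding(SupportsShouldProcess)]
param(
    [ValidateSet('Check', 'Apply', 'Remove')]
    [string]$Action = 'Check'
)

$Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$Name  = 'TcpReceivePacketSize'
$Value = 0xFF00   # value given in the advisory

function Get-WorkaroundState {
    # Returns the current DWORD, or $null when the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$current = Get-WorkaroundState

switch ($Action) {
    'Check' {
        if ($null -eq $current) {
            Write-Output "$Name is not set: workaround not applied."
        } elseif ($current -eq $Value) {
            Write-Output ('{0} = 0x{1:X}: workaround applied.' -f $Name, $current)
        } else {
            Write-Output ('{0} = 0x{1:X}: differs from 0x{2:X}.' -f $Name, $current, $Value)
        }
    }
    'Apply' {
        if ($PSCmdlet.ShouldProcess($Path, "Set $Name to 0xFF00")) {
            New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
            Restart-Service -Name DNS   # the change needs a DNS service restart
        }
    }
    'Remove' {
        if ($null -ne $current -and $PSCmdlet.ShouldProcess($Path, "Remove $Name")) {
            # Deletes only this value; everything else under the key is untouched.
            Remove-ItemProperty -Path $Path -Name $Name
            Restart-Service -Name DNS   # assumption: restart so the service re-reads its parameters
        }
    }
}
```

Run with `-Action Check` first to record the current state, and use `-Action Remove` only after the update has been installed.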
To determine the support life cycle for your software version or edition, see the Microsoft Support Lifecycle.